CVEs from 2020

3,811 normalized CVEs published or assigned in this year.

Total

3,811

critical

critical 206

high

high 563

medium

medium 743

low

low 59

% Critical

5.4%

% with KEV

3.8%

% with exploit

5.4%

Top vendors

Top products

retail_xstore_point_of_service 33
banking_digital_experience 30
primavera_unifier 29
retail_service_backbone 15
financial_services_institutional_performance_analytics 13
insurance_policy_administration_j2ee 11
communications_network_charging_and_control 10
enterprise_manager_base_platform 10

Top packages

PyPI/tensorflow-cpu 146
PyPI/tensorflow-gpu 146
PyPI/tensorflow 146
Packagist/drupal/core 67
PyPI/salt 64
PyPI/ansible 61
Packagist/magento/community-edition 61
Maven/com.fasterxml.jackson.core:jackson-databind 55

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2020-6418	high	—	10.0				5y ago	Google Chromium V8 Engine contains a type confusion vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web…
CVE-2020-6507	high	—	9.0				—	Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15238	high	—	9.0				—	Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depe…
CVE-2020-16040	high	—	9.0				—	Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-13379	high	—	9.0				4y ago	RHSA-2020:2641: grafana security update (Important)
CVE-2020-12351	high	—	9.0				6y ago	Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2020-12352	high	—	9.0				6y ago	Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
CVE-2020-8617	high	—	9.0				6y ago	RHSA-2020:2338: bind security update (Important)
CVE-2020-7656	low	—	3.5				6y ago	RHSA-2021:4142: pcs security, bug fix, and enhancement update (Low)